From now on, when you want to hide/unhide file extensions, do not use the registry. Use the folder options dialogue and then click the corresponding option.

-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Tyler Littlefield
Sent: Saturday, September 04, 2010 11:11 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: suspicious little link...

They can, but... see my later post.

On 9/4/2010 8:48 PM, qubit wrote:
> I indeed did install WinSCP, and it is only on my computer, I hope. We don't have a tight network in this house -- just a simple LAN with a little file sharing. Could a trojan travel from one computer to another without me doing anything?
> --le
>
> ----- Original Message -----
> From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx>
> To: <programmingblind@xxxxxxxxxxxxx>
> Sent: Saturday, September 04, 2010 9:11 PM
> Subject: Re: suspicious little link...
>
> Like totally, dude. Like OMG!
>
> That aside, I don't see WinSCP loading you up with trojans. And silly enough to overlook what?
>
> I did a quick scan through the docs and didn't see that arg you asked about, but I'm not quite sure what it would upload. It seems the upload target would have to be in the command line. But that link would still have to be fired off for it to upload anything. Unless this is some elaborate trojan full of holes, but you really can't expect WinSCP to be installed on a computer. How many end-users have it?
>
> On 9/4/2010 8:02 PM, Katherine Moss wrote:
>> I think it's a Trojan, dude. Scan your computer with www.eset.com/onlinescan. That should tell you unless they were silly enough to overlook it. And also, check the directories that WinSCP puts on your system. You could have just been unaware of it.
>>
>> -----Original Message-----
>> From: programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of qubit
>> Sent: Friday, September 03, 2010 11:45 PM
>> To: bprogramming
>> Subject: suspicious little link...
>>
>> Hi all --
>> Could someone tell me if this is part of an attack and if so, how do I rid my computer of it?
>> I was cleaning off my desktop of old files and discovered a file with the name of " .lnk" (note that .lnk indicates it is a shortcut. I have fiddled with the registry to unhide all extensions in Windows Explorer.)
>> Note that the above shortcut has the base name of a single space. I looked at the properties to see what this thing was pointing to, and found the following.
>> target: c:\program files\WinSCP\WinSCP.exe /UploadIfAny
>>
>> I did in fact install WinSCP some time ago, but I was not aware of a little shortcut named space uploading who-knows-what.
>> I don't know the target server of the upload or the directory on my machine that it would look at.
>>
>> I wouldn't be surprised if there was a trojan on this laptop as I have indiscriminately installed a number of programs, but given the suspicious appearance of this shortcut I fear there are data files being compromised.
>> My machine is running XP Pro, but I don't have server software running on it.
>> So does anyone recognize this file? Could it be legitimate? Where would I look for related files?
>>
>> I suppose the admin logs would shed light on any uploads.
>> Thanks.
>> --le
>>
>> __________
>> View the list's information and change your settings at //www.freelists.org/list/programmingblind
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 5423 (20100904) __________
>> The message was checked by ESET NOD32 Antivirus.
>> http://www.eset.com

--
Thanks,
Tyler Littlefield
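
The shortcut described in the original question can be examined without launching it, by reading the fields stored in the .lnk file itself. The following is an added example, not code from anyone on the thread: a minimal Python reader for the Shell Link binary layout that reports the target and arguments, run on constructed bytes that mirror the reported shortcut. The names `parse_lnk`, `has_blank_name` and `build_sample` are hypothetical, the sample omits the VolumeID block a real file carries, and cp1252 is assumed for ANSI strings.

```python
import struct

# Field layout follows the Shell Link (.LNK) binary format ([MS-SHLLINK]).
CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (HAS_ARGS, "arguments"), (0x40, "icon_location")]

def parse_lnk(data):
    """Return the local target path and the StringData fields of a shortcut."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, out = 76, {"target": None}
    if flags & HAS_IDLIST:                       # skip LinkTargetIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        size, _hdr, info_flags = struct.unpack_from("<III", data, pos)
        if info_flags & 0x01:                    # VolumeIDAndLocalBasePath
            off = pos + struct.unpack_from("<I", data, pos + 16)[0]
            # cp1252 is an assumption; the real code page is system-defined
            out["target"] = data[off:data.index(b"\0", off)].decode("cp1252")
        pos += size
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit, field in STRING_FIELDS:             # counted strings, fixed order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            out[field] = data[pos + 2:pos + 2 + count * width].decode(codec)
            pos += 2 + count * width
    return out

def has_blank_name(filename):
    """True when the base name is empty or only whitespace, as with ' .lnk'."""
    return filename.rsplit(".", 1)[0].strip() == ""

def build_sample():
    """Constructed, simplified shortcut bytes mirroring the one in the thread."""
    target = b"c:\\program files\\WinSCP\\WinSCP.exe\0"
    args = "/UploadIfAny"
    flags = HAS_LINKINFO | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sI", 0x4C, CLSID, flags).ljust(76, b"\0")
    end = 28 + len(target)                       # LinkInfo header is 28 bytes
    link_info = struct.pack("<7I", end, 28, 0x01, 0, 28, 0, end - 1) + target
    strings = struct.pack("<H", len(args)) + args.encode("utf-16-le")
    return header + link_info + strings + b"\0\0\0\0"   # empty ExtraData

if __name__ == "__main__":
    link = parse_lnk(build_sample())
    print(has_blank_name(" .lnk"), link["target"], link["arguments"])
```

To inspect a real shortcut, pass the bytes of a copy of the file (`open(path, "rb").read()`) to `parse_lnk`; reading the file this way does not execute its target.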